CVE-2025-2310
- Source
- https://cve.org/CVERecord?id=CVE-2025-2310
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-2310.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-2310
- Downstream
- Published
- 2025-03-14T21:00:09.852Z
- Modified
- 2026-05-10T18:42:09.905301082Z
- Severity
-
- 4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
- Details
-
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.
- Database specific
{ "cna_assigner": "VulDB", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2310.json", "unresolved_ranges": [ { "source": "AFFECTED_FIELD", "extracted_events": [ { "last_affected": "1.14.6" } ] } ], "cwe_ids": [ "CWE-119", "CWE-122" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2310.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-2310
- https://vuldb.com/?id.299723
- https://vuldb.com/?submit.514533
- https://vuldb.com/?ctiid.299723
- https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc4.md
Affected packages
Git / github.com/hdfgroup/hdf5
Affected ranges
- Type
- GIT
- Repo
- https://github.com/hdfgroup/hdf5
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "cpe": "cpe:2.3:a:hdfgroup:hdf5:1.14.6:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "0" }, { "last_affected": "1.14.6" } ] }
Affected versions
Other
before_removing_docs
before_removing_fphdf5
before_removing_mpiposix_vfd
before_removing_tbbt_code
before_signed_unsigned_changes
hdf5-1_0_0
hdf5-1_0_0-alpha2
hdf5-1_0_1
hdf5-1_13_0-rc1
hdf5-1_13_0-rc2
hdf5-1_13_0-rc3
hdf5-1_13_0-rc4
hdf5-1_13_0-rc5
hdf5-1_13_0-rc6
hdf5-1_2_0
hdf5-1_2_0-beta1-update2
hdf5-1_2_0beta
hdf5-1_2_1
hdf5-1_3_0
hdf5-1_3_1
hdf5-1_4_0
hdf5-1_4_1
hdf5-1_6_0
hdf5-1_6_1
hdf5-1_6_2
hdf5-1_8_0-alpha2
hdf5-1_8_0-alpha3
hdf5-1_8_0-alpha4
hdf5-1_8_0-beta1
hdf5-1_8_0-beta2
hdf5-1_8_0-beta3
hdf5-1_8_0-beta4
hdf5-1_8_0-beta5
hdf5-1_9-start
proto1
r1_1beta1
vms_last_support_trunk
hdf5-1.*
hdf5-1.14.5
hdf5-1.14.6
hdf5_1.*
hdf5_1.14.5
hdf5_1.14.6
snapshot-1.*
snapshot-1.14